WO2018157667A1 - Method and device for generating password - Google Patents

Info

Publication number
WO2018157667A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
user
key
logged
user password
Prior art date
Application number
PCT/CN2018/072025
Other languages
French (fr)
Chinese (zh)
Inventor
肖建华
王晓静
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018157667A1 publication Critical patent/WO2018157667A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • the present disclosure relates to information security technologies, and in particular, to a password generation method and apparatus.
  • the embodiments of the present disclosure provide a password generation method and apparatus to improve the security of a user account password and facilitate user operations.
  • An embodiment of the present disclosure provides a password generating method, including: acquiring feature data of an object to be logged in and a core user password; generating a key based on the core user password; and using a first preset encryption algorithm to perform an encryption operation on the key and the feature data to obtain a user password, wherein the user password is used to log in to the object to be logged in.
  • An embodiment of the present disclosure further provides a password generating apparatus, including a data input module, a key generation module, and a cryptographic operation main module, wherein the data input module is configured to acquire feature data of an object to be logged in and a core user password; the key generation module is configured to generate a key based on the core user password; and the cryptographic operation main module is configured to use a first preset encryption algorithm to perform an encryption operation on the key and the feature data to obtain a user password, wherein the user password is used to log in to the object to be logged in.
  • Embodiments of the present disclosure also provide a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the methods described above.
  • Embodiments of the present disclosure provide a password generation method and apparatus that first acquire feature data of an object to be logged in, then acquire a core user password and generate a key based on it, and finally use a preset encryption algorithm to obtain a user password based on the key and the feature data of the object to be logged in, so that the user password can be used to log in to that object.
  • The feature data corresponding to the object to be logged in is generated from the feature information of the application or website, the registered user name, the time information of registering the user name, and the like, and the user password required by the user is generated from the core user password and this feature data. The user password is therefore strongly random, needs little storage space, is difficult to crack, and is unrelated across different applications, which greatly improves the security of user account passwords. The user can log in by remembering only the core user password, which is convenient to operate and provides a good user experience.
  • FIG. 1 is a schematic structural diagram of a password generating apparatus in an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a password generating method in Example 1 of the present disclosure
  • FIG. 3 is a schematic flowchart 1 of a method for generating a password in Example 2 of the present disclosure
  • FIG. 4 is a schematic flowchart 2 of a method for generating a password in Example 2 of the present disclosure
  • FIG. 5 is a schematic flowchart 3 of a method for generating a password in Example 2 of the present disclosure
  • FIG. 6 is a schematic structural diagram of a password generating apparatus in Example 3 of the present disclosure.
  • the embodiment of the present disclosure provides a password generating method, which is applied to a password generating device, and the device can be applied to a terminal such as a smart phone, a tablet computer, a notebook computer, a smart watch, etc., which supports login of an application or a website with user account information.
  • the method can be applied to various occasions requiring passwords in the terminal identity authentication service and the identity registration service, such as logging in to a website, logging in to a social application, dialing a network, and the like.
  • a user may generate a high password strength user password that conforms to the website password setting rules by the device when registering an account for a website.
  • FIG. 1 is a schematic structural diagram of a password generating apparatus according to an embodiment of the present disclosure.
  • the apparatus includes: a data input module (DIM, Data Input Module) 101, a key generation module (KGM, Key Generation Module) 102, and a main encryption module (MEM, Main Encryption Module) 103.
  • the DIM is set to obtain feature data of the object to be logged in
  • the feature data of the object to be logged in may be generated by one or more of the feature information of the application or website to be logged in, the user name, the date of registering the user, or the date the password is modified, thereby ensuring the characteristic of the input data.
  • the feature information of the application or website to be logged in is information that uniquely represents that application or website and so distinguishes it from other applications or websites. In actual applications, the feature information of the application or website to be logged in may be an application name, a website domain name, a number set in advance for each application or website, and the like.
  • the KGM is configured to obtain the core user password input by the user and to generate a key calculated from the core user password
  • the core user password is the only information that the user has to remember. When the user uses the user password to log in to the application or website, the core user password can be entered.
  • the key is the key required by the MEM to perform the encryption operation that generates the user password;
  • the MEM is configured to perform an encryption operation based on the above key and feature data to obtain a user password.
  • the user password required by the user is generated from the core user password and the feature data of the object to be logged in, and that feature data is generated from one or more of the feature information of the application or website to be logged in, the user name, the date of registering the user, or the date the password is modified. The user password is therefore strongly random, needs little storage space, is difficult to crack, and is unrelated across different applications, which can greatly improve the security of user account passwords. Users can log in by remembering only the core user password, which is convenient to operate and provides a good user experience.
  • FIG. 2 is a schematic flowchart of a method for generating a password in the first example of the present disclosure. Referring to FIG. 2, the method includes:
  • the object to be logged in may be application software, such as a live chat application or a shopping application, or a website, such as a video playing website or a search website; it may of course also be another object that supports login with user identity information, such as a local area network interconnection, and the embodiments of the present disclosure are not specifically limited herein.
  • the feature data of the object to be logged in is composed of at least one of the feature information of the object to be logged in, the user name registered in the object to be logged in, and the time information corresponding to the object to be logged in.
  • the time information may be the user.
  • the time information refers to the time of registering the user name; if the user has modified the user password, the time information is updated to the time the user password was last modified, so the time information then refers to the time when the user last modified the user password used to log in to the object to be logged in.
  • the feature data of the object to be logged in may be composed of one or more of the following: a feature that uniquely represents the application or website to be logged in, such as a number assigned in advance to the object to be logged in, an application name, or a website domain name; the user name, personal mailbox, etc. that the user used when registering identity information; and time information such as the date of registering the user or the date when the user password was modified.
  • the DIM can obtain data such as the feature information of the website or application the user is to log in to, the user name registered by the user, and the date the user registered or changed the password, and serially splice these data to generate the feature data as the input data of the DIM.
  • when the user registers identity information, the feature information of the website or application to be logged in, the user name registered by the user, the date the user registered or modified the password, and the feature data generated by the DIM may be stored in a database, so that when the user later wants to log in to the corresponding application or website with the previously registered identity information, the DIM can find the corresponding feature data in the database based on the feature information of the application or website to be logged in, such as the application name or website domain name.
  • the terminal may update the feature data according to the operation of the user or periodically. For example, when the terminal determines that the feature data is to be updated, the feature data may be updated using the current date.
  • the core user password may be set by the user, or may be assigned to the user by the login application or the website when registering, wherein each user is assigned a unique core user password.
  • the only information that the user has to remember is the core user password.
  • the core user password can be entered.
  • S203 Generate a key based on a core user password.
  • the KGM can use the core user password to generate the key required for the MEM to perform the encryption operation.
  • S203 may include: using a second preset encryption algorithm to perform an encryption calculation on the core user password to obtain a source password; and extracting data of a preset length from the source password as the key.
  • the preset length is the key length used when the first preset encryption algorithm performs an encryption operation.
  • When a user logs in to an application or website using a user password, the user can enter the core user password. After the user inputs the core user password, the KGM obtains it and starts the user password generation function, and then uses the second preset encryption algorithm to perform an encryption calculation on the core user password to obtain the source password. Finally, according to the key length required for the MEM to perform the encryption operation, the KGM can take data of that length from the source password as the key required for the MEM to perform the encryption operation.
  • a hash algorithm such as SHA256, SHA384, or SHA512 may be used as the second preset encryption algorithm.
  • other encryption algorithms may also be used as the second preset encryption algorithm.
  • the embodiments of the present disclosure are not specifically limited in this respect.
  • when the second preset encryption algorithm is SHA256, SHA384 or SHA512, the length of the source password obtained by the KGM is 32, 48 or 64 bytes, respectively.
  • the key length may be determined according to the encryption algorithm used when the MEM performs the encryption operation, or may be preset before the terminal leaves the factory.
  • the data of the key length may be taken from the source password from front to back, from back to front, or in another order, and the data so obtained is determined to be the key required for the MEM to perform the encryption operation.
  • the KGM can take the first 128 bits of the source password as the key.
  • the KGM can also take the last 128 bits of the source password as the key.
  • 128 bits of data can be taken from the source password as the key in a manner determined by a person skilled in the art in the specific implementation process.
  • the embodiments of the present disclosure are not specifically limited in this respect.
  • S204 Perform an encryption operation according to the key and the feature data to obtain a user password.
  • the MEM acquires the feature data and the key, and then uses the first preset encryption algorithm to perform an encryption operation on the feature data with the key to obtain a user password. In this way, the user gets the user password associated with the object currently to be logged in.
  • the first preset encryption algorithm may be a symmetric encryption algorithm, such as the Advanced Encryption Standard (AES), the Data Encryption Standard (DES), or the Triple Data Encryption Algorithm (TDEA); it may of course also be another encryption algorithm, and the embodiments of the present disclosure are not specifically limited herein.
  • S204 may include: using a symmetric encryption algorithm to operate on the key and the feature data to obtain an encryption operation result; obtaining a password setting rule of the object to be logged in, wherein the password setting rule includes at least the password character types and the password length supported by the object to be logged in; and processing the encryption operation result according to the password setting rule to obtain the user password.
  • the MEM first encrypts the feature data of the object to be logged in, obtained by the DIM, with the key calculated by the KGM, and obtains the encryption operation result. Then, the MEM obtains the password character types and the password length supported by the object to be logged in. Finally, each byte of the encryption operation result is mapped to a character in the password character types supported by the object to be logged in, and a character string that matches the password setting rule of the object to be logged in is obtained according to the supported password length; this string is ultimately determined to be the user password.
  • the user password is formed by various combinations of lowercase letters such as 'a-z', uppercase letters such as 'A-Z', numbers such as '0-9', and special characters such as '*, _'.
  • the terminal can automatically fill in the user password into the password text box to use the user password to log in to the application or website.
  • the feature data of the object is encrypted and the user password is obtained, so that the user password can be used to log in to the object to be registered.
  • the feature data corresponding to the object to be logged in is generated from information such as the feature information of the application or website, the user name, and the date of registering the user or modifying the password, and the user password required by the user is generated from the core user password and the feature data of the object to be logged in.
  • the user password is therefore strongly random, needs little storage space, is difficult to crack, and is unrelated across different applications, which greatly improves the security of user account passwords; the user can log in by remembering only the core user password, which is convenient to operate and provides a good user experience.
  • the user may register identity information in the application by using the user password generated by the terminal, or regenerate the user password when logging in to the application so as to log in; and of course, a new user password may be generated when the user password is changed.
  • FIG. 3 is a schematic flowchart 1 of the password generation method in the second example of the disclosure. Referring to FIG. 3, the method includes:
  • S301 Receive registration information input by the user, and obtain feature information of the target application and current system time information;
  • the feature data for generating the user password is acquired.
  • the user can fill in the registration information, such as the user name, personal mailbox, contact information, etc. in the registration interface of the target application.
  • the DIM receives the registration information input by the user, obtains the feature information of the target application from the target application, such as an application name or application server domain name, and then obtains current system time information from the terminal as the date of user registration.
  • the date of user registration refers to the time information of the user registering the user name in the target application.
  • S302 categorize the feature information, the registration information, and the current system time information to generate feature data.
  • when the feature data acquired by the DIM includes the feature information of the application (APK_Info), the user name (User_Name), and the date of user registration (Current_Time), the feature data Data_Para obtained by the DIM may be represented by the following expression (1).
  • the terminal may encode the feature information of each application; for example, the code of the "payment application" is 0x00000001 and the code of the "chat application" is 0x00000003. The terminal may also give each user name a code, such as 0x12345678 for "Zhang San" and 0x12345679 for "Li Si". The terminal can also encode the time information; for example, "14:05 on December 13, 2016" can be coded as 0x0000201611131405.
  • the encoding of the application and the encoding of the user name are each 4-byte data, and the encoding of the user registration date is 8-byte data.
  • for example, the feature information of the target application obtained by the DIM is the application name "payment application", the registration information input by the user is the user name "Zhang San", and the current system time is "14:05 on December 13, 2016".
  • S303 Receive a core user password input by the user.
  • S304 Generate a key according to a core user password.
  • the KGM can use a hash algorithm such as SHA256, SHA384, or SHA512 to perform an encryption calculation on the core user password to obtain the source password; data of the preset length is then taken from the source password to obtain the key.
  • the length of the source password obtained by the KGM may correspond to 32, 48, or 64 bytes.
  • the source password Source_Key obtained by calculating the core user password by the hash encryption algorithm may be expressed by the following expression (2).
  • Source_Key = Hash(User_Key)    (2)
  • Source_Key is the result of Hash encryption operation.
  • the key length may be determined according to an encryption algorithm used when the MEM performs an encryption operation, or may be preset before the terminal leaves the factory.
  • the data of the key length may be taken from the source password from front to back, from back to front, or in another order, and the data so obtained is determined to be the key required for the MEM to perform the encryption operation.
  • the KGM can intercept the first 128 bits of the Source_Key data as the key Key, so that the Key can be represented by the following expression (3).
  • Key is the key
  • Source_Key is the source password
  • [0:127] indicates that the data from the 0th to the 127th bits are intercepted.
  • the KGM can also intercept the last 128 bits of the Source_Key as the key Key.
  • Key is the key
  • Source_Key is the source password
  • [128:255] indicates that the data from the 128th to the 255th bit is intercepted.
  • S305 Perform an encryption operation according to the key and the feature data to obtain a user password.
  • after the MEM obtains the key Key and the feature data Data_Para, it sets the number of rounds Round of the AES encryption operation to 0. Then, as shown in expression (5), Data_Para and Round are added and the AES encryption operation is performed using Key as the key to obtain a password code User_Code; finally, a character string satisfying the password length required to register the application is generated according to User_Code. In this way, the user password required by the user is obtained.
  • User_Code is the result of AES encryption operation
  • Key is the key
  • Data_Para is the feature data
  • Round is the number of operation rounds of AES encryption operation
  • Round is greater than or equal to 0.
  • Round can be set to 0 when the AES encryption operation is initialized. If the length of the string mapped from User_Code is less than the password length required to register the application, Round can be incremented and User_Code recalculated; once the length of the string mapped from User_Code equals the password length required to register the application, the string is determined to be the user password.
  • the length of the user password generated by the MEM may be specified by the user in advance, or may be determined by the MEM according to the password length in the password setting rule of the target application.
  • the embodiments of the present disclosure are not specifically limited.
  • the identity information can be used to log in to the target application.
  • FIG. 4 is a schematic flowchart 2 of the password generation method in the second example of the present disclosure. Referring to FIG. 4, the method includes:
  • the user password generating instruction is used to indicate the user password of the application to be logged in, and carries the feature information of the application to be logged in.
  • the feature information can uniquely identify the target application to be logged in.
  • S402 Perform a user password generation instruction, and acquire feature information of the application to be logged in;
  • the feature information of the application to be logged in is first obtained from the user password generation instruction, so as to acquire the corresponding feature data.
  • S403 Search for corresponding feature data according to the feature information.
  • the feature data corresponding to the application to be logged in may be searched from the local database according to the feature information.
  • the corresponding feature data and the data used to generate the feature data are stored in a local database according to the feature information of the application, so that the user password can be regenerated when logging in to the application.
  • S405 Generate a key according to a core user password.
  • S406 Perform an encryption operation according to the key and the feature data to generate a user password.
  • FIG. 5 is a schematic flowchart 3 of the password generation method in the second example of the disclosure. Referring to FIG. 5, the method includes:
  • the user password update instruction is used to instruct to update the user password in the target application according to the current system time information, and carry the feature information of the target application.
  • S502 Perform a user password update instruction to acquire feature information of the target application.
  • the feature information of the target application may be acquired first.
  • S503 Search for corresponding feature data according to the feature information.
  • S504 Acquire current system time information, and update feature data.
  • the time information in the feature data stored in the local database may be replaced with the current system time information to update the feature data; or, if the feature data is as shown in expression (6), the current system time information may be added to the feature data, so that the updated feature data is as shown in expression (1).
  • the embodiments of the present disclosure are not specifically limited.
  • Data_Para is a feature data
  • APK_Info is a feature information of the application
  • User_Name is a user name.
  • S506 Generate a key according to a core user password.
  • S507 Perform an encryption operation according to the key and the updated feature data, and update the user password.
  • FIG. 6 is a schematic structural diagram of a password generating apparatus in Example 3 of the present disclosure.
  • the password generating apparatus 60 includes: a data input module 601, a key generation module 602, and a cryptographic operation main module 603, wherein the data input module 601 is configured to acquire feature data of the object to be logged in and a core user password; the key generation module 602 is configured to generate a key based on the core user password; and the cryptographic operation main module 603 is configured to use the first preset encryption algorithm to perform an encryption operation on the key and the feature data to obtain a user password, wherein the user password is used to log in to the object to be logged in.
  • the key generation module is further configured to adopt a second preset encryption algorithm, encrypt and calculate a core user password, obtain a source password, and intercept a preset length of data from the source password to obtain a key.
  • the cryptographic operation main module is further configured to use a symmetric encryption algorithm to operate on the key and the feature data to obtain an encryption operation result; obtain a password setting rule of the object to be logged in, wherein the password setting rule includes at least the password character types and the password length supported by the object to be logged in; and process the encryption operation result according to the password setting rule to obtain the user password.
  • the cryptographic operation main module is further configured to map each byte of the encryption operation result to a character in the password character types supported by the object to be logged in; obtain a character string satisfying the password length based on the characters; and determine the character string as the user password.
  • the data input module, the key generation module, and the cryptographic operation main module may be a Central Processing Unit (CPU), a Micro Processor Unit (MPU), a Digital Signal Processor (DSP), or a Field Programmable Gate Array (FPGA).
  • Embodiments of the present disclosure also provide a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the methods described above.
  • computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cartridge, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and that can be accessed by a computer.
  • communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • Embodiments of the present disclosure provide a password generation method and apparatus that first acquire feature data of an object to be logged in, then acquire a core user password and generate a key based on it, and finally use a preset encryption algorithm to obtain a user password based on the key and the feature data of the object to be logged in, so that the user password can be used to log in to that object.
  • The feature data corresponding to the object to be logged in is generated from the feature information of the application or website, the registered user name, the time information of registering the user name, and the like, and the user password required by the user is generated from the core user password and this feature data. The user password is therefore strongly random, needs little storage space, is difficult to crack, and is unrelated across different applications, which greatly improves the security of user account passwords. The user can log in by remembering only the core user password, which is convenient to operate and provides a good user experience.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a method for generating a password, comprising: obtaining characteristic data of an object to be logged in and a core user password; generating a key on the basis of the core user password; and performing an encryption operation on the key and the characteristic data to obtain a user password, which is used for logging in to the object to be logged in. Also disclosed is a device for generating a password.

Description

Password generation method and device
Technical field
The present disclosure relates to information security technologies, and in particular to a password generation method and device.
Background
With the advancement of information technology and the spread of smart terminals, information security is receiving more and more public attention. Many terminal applications and websites require users to register a user name and a user password. More complex passwords are generally more secure, so when a user registers with an application or website, the system prompts the user to set a relatively complex password. To make passwords easier to remember, however, users often derive them from personal information (such as name, birthday, phone number or ID number), and may even use the same user name and user password across different applications or websites. Such passwords are predictable and follow regular patterns, and criminals can easily obtain them and attack user accounts in a targeted manner. In particular, when the user information stored by one application or website is leaked, criminals can easily infer the user's passwords for other applications or websites, so that all of the user's accounts may be compromised, which is a considerable security risk.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This summary is not intended to limit the scope of protection of the claims.
The embodiments of the present disclosure provide a password generation method and device to improve the security of user account passwords and make operation convenient for the user.
An embodiment of the present disclosure provides a password generation method, including: acquiring feature data of an object to be logged in and a core user password; generating a key based on the core user password; and performing an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password, where the user password is used to log in to the object to be logged in.
An embodiment of the present disclosure further provides a password generation device, including a data input module, a key generation module and a cryptographic operation main module, where the data input module is configured to acquire feature data of an object to be logged in and a core user password; the key generation module is configured to generate a key based on the core user password; and the cryptographic operation main module is configured to perform an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password, where the user password is used to log in to the object to be logged in.
Embodiments of the present disclosure also provide a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the methods described above.
An embodiment of the present disclosure provides a password generation method and device in which feature data of an object to be logged in is acquired first; a core user password is then acquired and a key is generated based on it; finally, a preset encryption algorithm is used to perform an encryption operation based on the key and the feature data of the object to be logged in, yielding a user password that can be used to log in to that object. In the embodiments of the present disclosure, the feature data corresponding to the object to be logged in is generated from data such as the feature information of the application or website, the registered user name and the time at which the user name was registered, and the user password required by the user is generated from the core user password and that feature data. The user password is therefore strongly random, needs little storage space, is difficult to crack and is unrelated to the passwords of other applications, which greatly improves the security of user account passwords. The user can log in by remembering only the core user password, which makes operation convenient and provides a good user experience.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a password generation device in an embodiment of the present disclosure;
FIG. 2 is a schematic flowchart of the password generation method in Example one of the present disclosure;
FIG. 3 is schematic flowchart 1 of the password generation method in Example two of the present disclosure;
FIG. 4 is schematic flowchart 2 of the password generation method in Example two of the present disclosure;
FIG. 5 is schematic flowchart 3 of the password generation method in Example two of the present disclosure;
FIG. 6 is a schematic structural diagram of the password generation device in Example three of the present disclosure.
Detailed description
The schemes in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings of those embodiments.
The embodiments of the present disclosure provide a password generation method applied to a password generation device. The device can be used in terminals, such as smartphones, tablet computers, notebook computers and smart watches, that support logging in to applications or websites with user account information. In practice, the method can be applied wherever a password is needed in a terminal's identity authentication and identity registration services, such as logging in to a website, logging in to a social application or dial-up networking. For example, when registering an account on a website, a user can use the device to generate a high-strength user password that conforms to the website's password setting rules.
FIG. 1 is a schematic structural diagram of the password generation device in an embodiment of the present disclosure. Referring to FIG. 1, the device includes a data input module (DIM, Data Input Module) 101, a key generation module (KGM, Key Generation Module) 102 and a cryptographic operation main module (MEM, Main Encryption Module) 103.
The DIM is configured to acquire feature data of the object to be logged in;
The feature data of the object to be logged in may be generated from one or more of: the feature information of the application or website to be logged in, the user name, and the date on which the user registered or changed the password, which ensures that the input data is distinctive. Here, the feature information of the application or website to be logged in is information that uniquely identifies it and distinguishes it from other applications or websites. In practice, it may be the application name, the website domain name, a number assigned in advance to each application or website, and so on.
The KGM is configured to acquire the core user password entered by the user and to generate a key calculated from the core user password;
The core user password is the only information the user has to remember; the user enters it when a user password is needed to log in to an application or website. The key is the key that the MEM needs for the encryption operation that generates the user password;
The MEM is configured to perform an encryption operation based on the above key and feature data to obtain the user password.
In this way, the user password required by the user is generated from the core user password and the feature data of the object to be logged in, and that feature data is composed of one or more of the feature information of the application or website to be logged in, the user name, and the date of registering the user or changing the password. The user password is therefore strongly random, needs little storage space, is difficult to crack and is unrelated to the passwords of other applications, which can greatly improve the security of user account passwords. The user can log in by remembering only the core user password, which makes operation convenient and provides a good user experience.
The password generation method provided by the embodiments of the present disclosure is described below with reference to the above device.
Example one
FIG. 2 is a schematic flowchart of the password generation method in Example one of the present disclosure. Referring to FIG. 2, the method includes:
S201: Acquire feature data of the object to be logged in;
Here, the object to be logged in may be application software, such as an instant messaging application or a shopping application, or a website, such as a video website or a search website. It may also be another object that supports logging in with user identity information, such as a local area network interconnection; the embodiments of the present disclosure do not specifically limit this.
The feature data of the object to be logged in is composed of at least one or more of: the feature information of the object to be logged in, the user name registered with the object to be logged in, and the time information corresponding to the object to be logged in. The time information may be the time at which the user registered the user name with the object to be logged in, or the time at which the user most recently changed the user password used to log in to it.
In practice, if the user has never changed the user password, the time information is the time at which the user name was registered. If the user has changed the user password, the time information is updated to the time of the most recent change, so that it denotes the time at which the user last changed the user password used to log in to the object to be logged in.
In a specific implementation, to keep the user passwords of the different login objects independent of one another, feature data must be obtained for each login object that is independent of the others and identifies that object. The feature data of the object to be logged in may therefore be composed of one or more of: feature information that uniquely characterizes the application or website to be logged in, such as a number assigned in advance to the object, the application name or the website domain name; the user name, personal e-mail address and the like that the user supplies when registering identity information; and time information, such as the date on which the user registered or the date on which the user password was changed.
In practice, when a user registers identity information with an application or website, for example by registering account information, or when the user authenticates in order to log in to an application or website, the DIM can acquire data such as the feature information of the website or application the user wants to log in to, the user name the user registered, and the date on which the user registered or changed the password, and concatenate these data to generate the feature data that serves as the DIM's input data.
In a specific implementation, to make it easy to generate the user password when the user logs in to the object, the data acquired by the DIM at registration (the feature information of the website or application, the user name the user registered, the date on which the user registered or changed the password, and so on) and the feature data generated by the DIM can be saved in a database. When the user later wants to log in to the corresponding application or website with the previously registered identity information, the DIM can look up the corresponding feature data in the database using the feature information of the application or website to be logged in, such as the application name or the website domain name.
In other embodiments of the present disclosure, to protect the user password, the terminal may update the feature data in response to a user operation or periodically. For example, when the terminal determines that the feature data is to be updated, it can update the feature data using the current date.
S202: Acquire the core user password;
The core user password may be set by the user, or may be assigned to the user at registration by the application or website to be logged in, where each user is assigned a unique core user password.
In practice, the core user password is the only information the user has to remember; the user enters it when a user password is needed to log in to an application or website.
S203: Generate a key based on the core user password;
Here, the KGM can use the core user password to generate the key that the MEM needs for the encryption operation.
In a specific implementation, S203 may include: performing an encryption calculation on the core user password using a second preset encryption algorithm to obtain a source password; and taking data of a preset length from the source password as the key.
The preset length is the key length used by the first preset encryption algorithm when it performs the encryption operation.
When the user needs a user password to log in to an application or website, the user enters the core user password. The KGM then acquires the core user password and starts the user password generation function, and performs an encryption calculation on the core user password using the second preset encryption algorithm to obtain the source password. Finally, according to the key length that the MEM needs for the encryption operation, the KGM takes data of that length from the source password as the key for the MEM's encryption operation.
In practice, a Hash encryption algorithm such as SHA256, SHA384 or SHA512 may be used as the second preset encryption algorithm. Other encryption algorithms may also be used; the embodiments of the present disclosure do not specifically limit this. When the second preset encryption algorithm is SHA256, SHA384 or SHA512, the length of the source password obtained by the KGM is 32, 48 or 64 bytes respectively.
The key length may be determined by the encryption algorithm that the MEM uses for the encryption operation, or may be preset before the terminal leaves the factory. Data of the key length may be taken from the source password front to back, back to front or in some other order, and the data obtained is used as the key that the MEM needs for the encryption operation.
For example, suppose the key length that the MEM needs for the encryption operation is 128 bits and the source password that the KGM calculates from the core user password is 32 bytes. The KGM can take the first 128 bits of the source password as the key, or the last 128 bits, or take 128 bits from the source password in some other way, as determined by those skilled in the art in the specific implementation; the embodiments of the present disclosure do not specifically limit this.
S204: Perform an encryption operation on the key and the feature data to obtain the user password.
After the DIM has acquired the feature data of the object to be logged in and the KGM has calculated the key from the core user password, the MEM obtains the feature data and the key and, using the first preset encryption algorithm, encrypts the feature data with the key to obtain the user password. The user thus obtains a user password tied to the object currently being logged in to.
In practice, to generate the user password efficiently, the first preset encryption algorithm may be a symmetric encryption algorithm, such as the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) or the Triple Data Encryption Algorithm (TDEA). Other encryption algorithms may also be used; the embodiments of the present disclosure do not specifically limit this.
In a specific implementation, S204 may include: operating on the key and the feature data using a symmetric encryption algorithm to obtain an encryption operation result; acquiring the password setting rule of the object to be logged in, where the password setting rule includes at least the password character types and the password length supported by the object to be logged in; and processing the encryption operation result according to the password setting rule to obtain the user password.
The MEM first uses the symmetric encryption algorithm, with the key calculated by the KGM, to encrypt the feature data of the object to be logged in that the DIM acquired, obtaining the encryption operation result. The MEM then acquires the password character types and the password length supported by the object to be logged in. Finally, it maps each byte of the encryption operation result to a character from the supported password character types, takes a character string that conforms to the password setting rule according to the supported password length, and determines that string as the user password.
In practice, the longer a user password is and the more kinds of symbols it uses, the more secure it is. When generating the user password according to the password setting rule of the object to be logged in, it is therefore preferable to form it from a combination of lowercase letters such as 'a-z', uppercase letters such as 'A-Z', digits such as '0-9' and special characters such as '*' and '_'.
This completes the user password generation flow. The terminal can then fill the user password into the password text box automatically, so that it is used to log in to the application or website.
In this example, feature data of the object to be logged in is acquired first; the core user password entered by the user is then received and a key is generated based on it; finally, a preset encryption algorithm is used to perform an encryption operation on the key and the feature data of the object to be logged in, yielding a user password that can be used to log in to that object. In the embodiments of the present disclosure, the feature data corresponding to the object to be logged in is generated from data such as the feature information of the application or website, the user name, and the date of registering the user or changing the password, and the user password required by the user is generated from the core user password and that feature data. The user password is therefore strongly random, needs little storage space, is difficult to crack and is unrelated to the passwords of other applications, which greatly improves the security of user account passwords. The user can log in by remembering only the core user password, which makes operation convenient and provides a good user experience.
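The flow S201 to S204 end to end, as an added Go example that is not code from the patent: it builds 16-byte feature data, derives a 128-bit key from the core user password, encrypts, and maps the result onto a site's allowed characters. Assumptions: AES-128 on a single block as the first preset algorithm, the first 128 bits of SHA-256 as the key, the 4-, 4- and 8-byte field codes of the encoding shown in Example two, and a byte-modulo-alphabet-size mapping (the patent does not say how bytes are mapped to characters); all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Character classes a site may allow; they mirror the page's examples
// ('a-z', 'A-Z', '0-9', '*' and '_').
const (
	lower   = "abcdefghijklmnopqrstuvwxyz"
	upper   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	digits  = "0123456789"
	special = "*_"
)

// FeatureData concatenates the application code, user-name code and time
// code (APK_Info || User_Name || Current_Time) into 16 bytes, big-endian.
func FeatureData(appCode, userCode uint32, timeCode uint64) []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint32(buf[0:4], appCode)
	binary.BigEndian.PutUint32(buf[4:8], userCode)
	binary.BigEndian.PutUint64(buf[8:16], timeCode)
	return buf
}

// DeriveKey hashes the core user password with SHA-256 (the "source
// password") and keeps the first 128 bits as the encryption key.
func DeriveKey(corePassword string) []byte {
	sum := sha256.Sum256([]byte(corePassword))
	return sum[:16]
}

// GeneratePassword encrypts the 16-byte feature data with AES-128 under the
// derived key, maps each ciphertext byte onto the site's alphabet and keeps
// the first `length` characters.
func GeneratePassword(corePassword string, feature []byte, alphabet string, length int) (string, error) {
	if len(feature) != aes.BlockSize {
		return "", errors.New("feature data must be exactly one AES block (16 bytes)")
	}
	if alphabet == "" || length < 1 || length > aes.BlockSize {
		return "", errors.New("need a non-empty alphabet and a length of 1..16")
	}
	block, err := aes.NewCipher(DeriveKey(corePassword))
	if err != nil {
		return "", err
	}
	ct := make([]byte, aes.BlockSize)
	block.Encrypt(ct, feature) // one block, so no mode of operation is involved
	out := make([]byte, length)
	for i := range out {
		// Assumed mapping: ciphertext byte value modulo alphabet size.
		out[i] = alphabet[int(ct[i])%len(alphabet)]
	}
	return string(out), nil
}

func main() {
	// Field codes follow the page's encoding example; the core password is constructed.
	pay := FeatureData(0x00000001, 0x12345678, 0x0000201611131405)
	chat := FeatureData(0x00000003, 0x12345678, 0x0000201611131405)
	alphabet := lower + upper + digits + special
	for _, fd := range [][]byte{pay, chat} {
		pw, err := GeneratePassword("constructed core password", fd, alphabet, 12)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%x -> %s\n", fd, pw)
	}
}
```

With the 64-character alphabet used here the modulo mapping is uniform, but an alphabet whose size does not divide 256 makes its first characters slightly more likely, and nothing in the mapping guarantees that every character class appears. Because the key is a single unsalted hash of the core user password, the cost of testing a guessed core password against a known generated password is one hash and one block encryption; replacing the hash with a slow key derivation function raises that cost.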
Example two
Building on the preceding example, in practice the user can use the user password generated by the terminal to register identity information with an application, can regenerate that user password when logging in to the application, and can also generate a new user password when changing the user password.
The password generation method provided by the embodiments of the present disclosure is described in detail below for these three application scenarios.
First, the process of generating a user password when the user registers identity information is described.
FIG. 3 is schematic flowchart 1 of the password generation method in Example two of the present disclosure. Referring to FIG. 3, the method includes:
S301: Receive the registration information entered by the user, and acquire the feature information of the target application and the current system time information;
When the user wants to register identity information with the target application, the feature data used to generate a highly secure user password must be acquired. The user fills in registration information, such as user name, personal e-mail address and contact details, in the target application's registration interface. The DIM then receives the registration information entered by the user, acquires the target application's feature information, such as the application name or the application server domain name, from the target application, and acquires the current system time information from the terminal as the date of user registration. Here, the date of user registration is the time at which the user registers the user name with the target application.
S302: Concatenate the feature information, the registration information and the current system time information to generate the feature data;
For example, suppose the feature data acquired by the DIM comprises the application's feature information (APK_Info), the user name (User_Name) and the date of user registration (Current_Time). The feature data Data_Para obtained by the DIM can then be expressed by expression (1):
Data_Para = APK_Info || User_Name || Current_Time        (1)
where "||" denotes data concatenation.
In practice, to make the feature data easy to generate, the terminal can encode each application's feature information, for example 0x00000001 for the "payment application" and 0x00000003 for the "chat application". The terminal can also encode each user name, for example 0x12345678 for "Zhang San" and 0x12345679 for "Li Si". The terminal can also encode the time information; for example, "14:05 on December 13, 2016" can be encoded as 0x0000201611131405. Here, the application code and the user name code are each 4 bytes of data, and the code for the user registration date is 8 bytes of data.
Suppose, then, that the feature information of the target application obtained by the DIM is the application name "payment application", the registration information entered by the user is the user name "Zhang San", and the current system time is "14:05 on December 13, 2016". According to expression (1), the codes corresponding to "payment application", "Zhang San" and "14:05 on December 13, 2016" can be concatenated to form the feature data, which can be expressed as 0x00000001123456790000201611131405.
S303: Receive the core user password entered by the user;
S304: Generate a key from the core user password;
In a specific implementation, the KGM may apply a Hash encryption algorithm such as SHA256, SHA384 or SHA512 to the core user password to obtain the source password, and then take data of a preset length from the source password to obtain the key.
In practice, when the Hash encryption algorithm is SHA256, SHA384 or SHA512, the source password obtained by the KGM is correspondingly 32, 48 or 64 bytes long.
For example, if the core user password obtained by the KGM is User_Key, the source password Source_Key computed from it by the Hash encryption algorithm can be written as expression (2):
Source_Key = Hash(User_Key)            (2)
where Source_Key is the result of the Hash encryption operation.
The key length may be determined by the encryption algorithm that the MEM uses for its encryption operation, or may be preset before the terminal leaves the factory. Data of the key length may be taken from the source password from front to back, from back to front, or in some other order, and that data is used as the key the MEM needs for its encryption operation.
For example, if the MEM's encryption operation needs a 128-bit key and Source_Key is 32 bytes, the KGM can take the first 128 bits of Source_Key as the key Key, which can be written as expression (3):
Key = Source_Key[0:127]           (3)
where Key is the key, Source_Key is the source password, and [0:127] means taking the data in bits 0 through 127.
Alternatively, as in expression (4), the KGM can take the last 128 bits of Source_Key as the key Key:
Key = Source_Key[128:255]           (4)
where Key is the key, Source_Key is the source password, and [128:255] means taking the data in bits 128 through 255.
S305: Perform an encryption operation on the key and the feature data to obtain the user password.
After obtaining the key Key and the feature data Data_Para, the MEM sets the round count (Round) of the AES encryption operation to 0. Then, as shown in expression (5), it adds Data_Para and Round and performs AES encryption with Key as the key, obtaining the password code User_Code. Finally, it generates from User_Code a character string of the password length required to register the application. This yields the user password the user needs.
User_Code = AES_Key(Data_Para + Round)        (5)
where User_Code is the result of the AES encryption operation, Key is the key, Data_Para is the feature data, and Round is the round count of the AES encryption operation, with Round greater than or equal to 0.
In practice, Round can be set to 0 when the AES encryption operation is initialized. If the character string mapped from User_Code is shorter than the password length required to register the application, Round is incremented and User_Code is recomputed, until the mapped character string is as long as the required password length; that string is then taken as the user password.
The length of the user password generated by the MEM may be specified by the user in advance, or may be determined by the MEM from the password length in the target application's password setting rule. The embodiments of the present disclosure do not specifically limit this.
Once the user's identity information has been registered successfully with the target application, the user can use it to log in to the target application.
Next, the process of generating the user password when the user logs in to an application is described.
FIG. 4 is the second schematic flowchart of the password generation method in Example 2 of the present disclosure. As shown in FIG. 4, the method includes:
S401: Obtain a user password generation instruction from the application to be logged in to;
The user password generation instruction instructs generation of the user password for the application to be logged in to, and carries that application's feature information. The feature information uniquely identifies the target application to be logged in to.
S402: Execute the user password generation instruction and obtain the feature information of the application to be logged in to;
After the user password generation instruction is obtained, generating the user password starts with extracting the feature information of the application to be logged in to from the instruction, so that the corresponding feature data can be obtained.
S403: Look up the corresponding feature data according to the feature information;
The feature data corresponding to the application to be logged in to can be looked up in a local database according to the feature information.
In practice, for the user's convenience, when a user registers with an application, the generated feature data and the individual data items used to generate it are stored in a local database, indexed by the application's feature information, so that the user password can be regenerated at login.
S404: Receive the core user password entered by the user;
S405: Generate a key from the core user password;
S406: Perform an encryption operation on the key and the feature data to generate the user password.
This regenerates, at login, the user password produced at registration, so the user can log in to the application.
Finally, the process of generating the user password when the user updates it is described.
FIG. 5 is the third schematic flowchart of the password generation method in Example 2 of the present disclosure. As shown in FIG. 5, the method includes:
S501: Obtain a user password update instruction from the target application;
The user password update instruction instructs updating the user password in the target application according to the current system time information, and carries the target application's feature information.
S502: Execute the user password update instruction and obtain the feature information of the target application;
After the user password update instruction is obtained, the feature information of the target application is obtained first, so that the target application's feature data can be looked up.
S503: Look up the corresponding feature data according to the feature information;
S504: Obtain the current system time information and update the feature data;
In practice, to update the user password when the feature data has the form of expression (1), the time information in the feature data stored in the local database can be replaced with the current system time information, which updates the feature data. When the feature data has the form of expression (6), the current system time information can instead be added to the feature data, so that the updated feature data has the form of expression (1). The embodiments of the present disclosure do not specifically limit this.
Data_Para = APK_Info || User_Name         (6)
where "||" denotes data concatenation, Data_Para is the feature data, APK_Info is the application's feature information, and User_Name is the user name.
S505: Receive the core user password entered by the user;
S506: Generate a key from the core user password;
S507: Perform an encryption operation on the key and the updated feature data to update the user password.
This completes the update of the user password in the target application.
Example 3
Based on a similar inventive concept, FIG. 6 is a schematic structural diagram of the password generation device in Example 3 of the present disclosure. As shown in FIG. 6, the password generation device 60 includes a data input module 601, a key generation module 602 and a cryptographic operation main module 603. The data input module 601 is configured to acquire the feature data of the object to be logged in to and the core user password. The key generation module 602 is configured to generate a key based on the core user password. The cryptographic operation main module 603 is configured to perform an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password, where the user password is used to log in to the object to be logged in to.
The key generation module is further configured to encrypt the core user password using a second preset encryption algorithm to obtain a source password, and to take data of a preset length from the source password to obtain the key.
The cryptographic operation main module is further configured to operate on the key and the feature data using a symmetric encryption algorithm to obtain an encryption result; to obtain the password setting rule of the object to be logged in to, where the password setting rule includes at least the password character types supported by the object to be logged in to and the password length; and to process the encryption result according to the password setting rule to obtain the user password.
The cryptographic operation main module is further configured to map each byte of the encryption result to a character in the password character types supported by the object to be logged in to; to obtain, from those characters, a character string that satisfies the password length; and to take that character string as the user password.
In practice, the data input module, the key generation module and the cryptographic operation main module can each be implemented by a central processing unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), a field programmable gate array (FPGA), or the like.
The description of the device embodiment above is similar to that of the method embodiments and has similar beneficial effects, so it is not repeated here. For technical details not disclosed in the device embodiments of the present disclosure, refer to the description of the method embodiments.
The embodiments of the present disclosure also provide a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the method described above.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, may be implemented as software, firmware, hardware, or suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the description above does not necessarily correspond to a division of physical components; for example, one physical component may have several functions, or one function or step may be carried out by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium.
The above are only exemplary embodiments of the present disclosure and are not intended to limit its scope of protection.
Industrial applicability
The embodiments of the present disclosure provide a password generation method and device in which the feature data of the object to be logged in to is acquired first, the core user password is then acquired and a key is generated from it, and finally a preset encryption algorithm performs an encryption operation on that key and the feature data of the object to be logged in to, yielding a user password with which the object can be logged in to. In the embodiments of the present disclosure, the feature data corresponding to the object to be logged in to is generated from data such as the feature information of the application or website, the registered user name, and the time at which the user name was registered, and the user password the user needs is generated from the core user password and that feature data. The user password is therefore highly random, needs little storage space, is hard to crack, and is unrelated to the passwords of other applications, which greatly improves the security of user account passwords. The user can log in by remembering only the core user password, which simplifies operation and provides a good user experience.

Claims (11)

  1. A password generation method, comprising:
    acquiring feature data of an object to be logged in to (S201) and a core user password (S202);
    generating a key based on the core user password (S203);
    performing an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password (S204), wherein the user password is used to log in to the object to be logged in to.
  2. The method according to claim 1, wherein the feature data of the object to be logged in to consists of at least one or more of: feature information of the object to be logged in to, a user name registered with the object to be logged in to, and time information corresponding to the object to be logged in to, wherein the time information is the time at which the user name was registered with the object to be logged in to or the time at which the user password was last modified.
  3. The method according to claim 1, wherein generating a key based on the core user password (S203) comprises:
    encrypting the core user password using a second preset encryption algorithm to obtain a source password;
    taking data of a preset length from the source password as the key.
  4. The method according to claim 3, wherein the preset length is the key length used by the first preset encryption algorithm when performing the encryption operation.
  5. The method according to claim 1, wherein performing an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password (S204) comprises:
    operating on the key and the feature data using a symmetric encryption algorithm to obtain an encryption result;
    obtaining a password setting rule of the object to be logged in to, wherein the password setting rule includes the password character types supported by the object to be logged in to and the password length;
    processing the encryption result according to the password setting rule to obtain the user password.
  6. The method according to claim 5, wherein processing the encryption result according to the password setting rule to obtain the user password comprises:
    mapping each byte of the encryption result to a character in the password character types supported by the object to be logged in to;
    obtaining, based on the characters, a character string that satisfies the password length;
    determining the character string to be the user password.
  7. A password generation device (60), comprising a data input module (601), a key generation module (602) and a cryptographic operation main module (603), wherein
    the data input module (601) is configured to acquire feature data of an object to be logged in to and a core user password;
    the key generation module (602) is configured to generate a key based on the core user password;
    the cryptographic operation main module (603) is configured to perform an encryption operation on the key and the feature data using a first preset encryption algorithm to obtain a user password, wherein the user password is used to log in to the object to be logged in to.
  8. The device (60) according to claim 7, wherein the key generation module (602) is further configured to encrypt the core user password using a second preset encryption algorithm to obtain a source password, and to take data of a preset length from the source password as the key.
  9. The device (60) according to claim 7, wherein the cryptographic operation main module (603) is configured to input the key and the feature data into a symmetric encryption algorithm to obtain an encryption result; to obtain a password setting rule of the object to be logged in to, wherein the password setting rule includes the password character types supported by the object to be logged in to and the password length; and to process the encryption result according to the password setting rule to obtain the user password.
  10. The device (60) according to claim 9, wherein the cryptographic operation main module (603) is configured to map each byte of the encryption result to a character in the password character types supported by the object to be logged in to; to obtain, based on the characters, a character string that satisfies the password length; and to determine the character string to be the user password.
  11. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the method according to any one of claims 1 to 6.
PCT/CN2018/072025 2017-02-28 2018-01-10 Method and device for generating password WO2018157667A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710114068.6A CN108512657B (en) 2017-02-28 2017-02-28 Password generation method and device
CN201710114068.6 2017-02-28

Publications (1)

Publication Number Publication Date
WO2018157667A1 (en) 2018-09-07

Family

ID=63370615

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/072025 WO2018157667A1 (en) 2017-02-28 2018-01-10 Method and device for generating password

Country Status (2)

Country Link
CN (1) CN108512657B (en)
WO (1) WO2018157667A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100208888A1 (en) * 2009-02-13 2010-08-19 Dominik Weber Password key derivation system and method
CN102984260A (en) * 2012-11-29 2013-03-20 胡浩 Internet account number and password information management method and system
CN106257859A (en) * 2015-06-18 2016-12-28 黄瑞杰 A kind of password using method
CN106453352A (en) * 2016-10-25 2017-02-22 电子科技大学 Single-system multi-platform authentication method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100583734C (en) * 2004-09-22 2010-01-20 王锐勋 Method for realizing volatile secret key and separated checking module by collecting human characteristic
US8284933B2 (en) * 2009-03-19 2012-10-09 Ca, Inc. Encrypting variable-length passwords to yield fixed-length encrypted passwords
CN101815291A (en) * 2010-03-22 2010-08-25 中兴通讯股份有限公司 Method and system for logging on client automatically
CN102170354B (en) * 2011-04-11 2016-07-06 桂林电子科技大学 Account number cipher certification is concentrated to generate system
US20130301830A1 (en) * 2012-05-08 2013-11-14 Hagai Bar-El Device, system, and method of secure entry and handling of passwords
CN103746801A (en) * 2014-01-21 2014-04-23 北京智控美信信息技术有限公司 Method for protecting dynamic password seed key on smart phone or tablet personal computer
CN105447938A (en) * 2015-12-03 2016-03-30 广州合立正通信息科技有限公司 Door control visual intercom service system and control method thereof
CN105897412A (en) * 2015-12-15 2016-08-24 乐视网信息技术(北京)股份有限公司 Website password generation method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110399704A (en) * 2019-06-20 2019-11-01 平安科技(深圳)有限公司 Change method, apparatus, computer equipment and the storage medium of account number cipher
CN110765447A (en) * 2019-10-25 2020-02-07 华中师范大学 Password enhancement method and bracelet
CN110765447B (en) * 2019-10-25 2024-01-23 华中师范大学 Password enhancement method and bracelet

Also Published As

Publication number Publication date
CN108512657A (en) 2018-09-07
CN108512657B (en) 2021-05-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18760740

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18760740

Country of ref document: EP

Kind code of ref document: A1